International privacy laws still pose challenges for the discovery process

The discovery process can be cumbersome and expensive regardless of where it takes place, but international laws protecting sensitive information can make the process even more complicated. Especially in the European Union, where a cultural mindset that has protected the private affairs of citizens have been stringently enforced for the better part of a century, collecting information for litigation presents unique challenges that legal departments should be aware of.

Alvin F. Lindsay of Hogan Lovells LLP and an expert in technology and litigation says that within the EU, “Data privacy is usually taken very, very seriously. In fact, after World War II, the European Commission found that the right to privacy in one’s correspondence is a ‘fundamental human right.’”

By 2012 the EU’s Data Protection Directive had strengthened the already high standards of EU citizen’s information, requiring all nation states to enact protection. The directive prevents personal data from being “processed” without the express approval of the individual involved. Processing includes storing, sorting, and many of the other practices associated with discovery.

“It doesn’t matter it’s a corporate employee on a corporate email, it’s still private. Searching is one act of processing that is not legal, though there are some exceptions,” Lindsay says.

These rules were set up to prevent the type of unauthorized categorization of people that lead to atrocities like the Holocaust in Europe, so their importance is undeniable. In the United States, on the other hand, the Federal Rules of Civil Procedure that were enacted during the great depression made all pieces of evidence transparent and available.

What’s interesting is, as opposite as these approaches may seem—preventing the collection of information completely or making all of it available—both rules were enacted to meet similar goals.

“The FRCP were enacted in 1938, and at the time people distrusted corporations, the whole goal was to level the playing field.” Lindsay says. “The thing to keep in mind is that both the totally liberal full discovery concepts in the U.S. and the protections of information in Europe were done to protect the little guy.”

Regardless of how the two separate approaches to personal data information evolved, it’s essential for attorneys and legal departments working with clients or opponents internationally to comply with the discovery restrictions regardless in a given country. While this further complicates the discovery process, violation of terms can result in sanctions and penalties that no legal team would welcome. And according to Lindsay, similar data protection stipulations are likely to pop up in other areas around the world.

“We’ve got this standoff, what I find interesting is, we are the only country that has the style of litigations that we have, what’s interesting is many countries around the world that have adopted code provisions that are in many cases identical to the EU privacy stipulations,” Lindsay says. “I think it will be years before any elegant solution shakes out.”

In the meantime Lindsay points out several things that legal departments should be doing to remain compliant and respectful to different privacy standards when it comes to the discovery process.

Educate both the U.S. court and opposing counsel early on regarding the legal hurdles involved

Secure a protective order prohibiting the disclosure of any private materials outside the litigation context

Minimize the amount of data that the company must process and transfer